High-Risk Addresses of the Month: LocalBitcoins Phishing Attack + Cryptopia Hack

1. Localbitcoins Phishing Attack

Stolen Funds from recent Localbitcoins Phishing attack lead to the largest exchange.

LocalBitcoins was hit by a hacker who managed to steal 7.95 BTC (approx. $27,825) by using a fake link to LocalBitcoins website located on their forum.
Source:https://www.reddit.com/r/local...

Source: reddit

According to the LocalBitcoins and their security vulnerability report on the 26th of January 2019 around 10:00 AM UTC they admitted that LocalBitcoins detected a security breach and stated that the attack “was related to a feature powered by a third-party software”

The LocalBitcoins Forum caused this issue and was immediately taken down by the LocalBitcoins team.

localbitcoins.png

There are currently 6 victims identified and according to one of the victims, the funds have been already reimbursed by LocalBitcoins, which is good news. Let’s have a look into the details, first info about issues with the LocalBitcoins Forum were mentioned on Reddit around 1:00 AM UTC on Jan 26th where one of the users wrote that visiting the LocalBitcoins forum redirects to a phishing website which looks like LocalBitcoins, however the user is not logged in and when the user inputs their login the website captures the login, password and 2FA codes to withdraw user’s funds, as you can see below:

Source:https://www.reddit.com/r/local...

Source: redditsources: https://www.reddit.com/r/local... | https://muut.com/i/localbitcoi...

sources: https://www.reddit.com

https://muut.com

We have closely investigated this case and this address 13WaahhsiGph4ysmQtjVhVTdgQUSL62KJr belongs to the entity who perpetrated the phishing attack which received 6 payments from LocalBitcoins, as you can see below the stolen coins were sent to 5 different addresses before they ended up here: 1FtVm5cV6fwJ67E859LmkxQWb3X3K5VPiP

According to our data, this is a deposit address of one of the biggest exchanges in the cryptocurrency space. Even though this exchange address received only ~7.95BTC from the LocalBitcoin phishing attack, it has received in total 3184.57 BTC (~$12,447,489 at the txs dates) valued around $10,827,541 today throughout its existence. Below you can see the path of the stolen coins through Coinfirm’s Visualizer tool from the Coinfirm AML Platform. This data has been submitted into the AMLT Network, and future risk reports for related addresses will reflect the appropriate updates and risk indicators.

Vis1.png

2. Cryptopia Exchange Security Breach
A major New Zealand Cryptocurrency Exchange with over 2M users (source), Cryptopia, announced unscheduled maintenance on the 13th of January which caused a problem that their users could not log in, deposit or withdraw cryptocurrency assets.

tweetgraphicctpiaa.png

An official statement has been issued by Cryptopia 13 hours later where stated that they suffered a security breach which caused significant losses.

tweetgraphicctpia1q.png

According to the statement above we could assume that they got hacked and lost over 28773.56 ETH which was worth approximately $3.63M at the time of transaction. Stolen coins were sent to this address 0xc8b759860149542a98a3eb57c14aadf59d6d89b9 and they were transferred further to this address: 0xaa923cd02364bb8a4c3d6f894178d2e12231655c.

You can track the whole path of stolen coins thanks to Coinfirm’s tool – Visualizer as you can see below:

visgraphicc.png

This was the first part of the attack, the second one includes tokens stored on Cryptopia’s Hot Wallet. Coinfirm has analysed this address: 0x9007a0421145b06a0345d55a8c0f0327f62a2224 and it looks like 100 different tokens were stolen resulting in a loss of approx. $13.81M.

The final amount totaled at $17.44M which is the highest reported loss in 2019 so far.

Please see our AML reports and note that interacting with these 3 addresses may expose you to risk and end up with an increased C-Score.

AML Risk Report of “0x9007a0421145b06a0345d55a8c0f0327f62a2224”

Riskreport11.png

AML Risk Report of “0xaa923cd02364bb8a4c3d6f894178d2e12231655c”

Riskreport22.png

AML Risk Report of “0xc8b759860149542a98a3eb57c14aadf59d6d89b9”

Riskreport385.png

If you’re interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!

Thank you for your continued support and make sure to follow all of our latest updates on Coinfirm’s Twitter, Facebook, LinkedIn and AMLT Telegram Community.

Sincerely,
The Coinfirm Team

subscribe to newsletter